Building container images uses services
Use docker:dind for a containerized Docker daemon
The GitLab runner must be configured to run privileged containers (privileged = true in the runner's config.toml)
job_name:
  image: docker:latest    # assumed, not on the original slide: the job needs an image that ships the docker CLI
  services:
    - name: docker:dind   # the daemon; reachable from the job under the hostname "docker"
  variables:
    DOCKER_TLS_CERTDIR: ""   # empty string disables TLS: the CLI talks to the daemon in plaintext on tcp://docker:2375
  script:
    - docker build .
See chapter Jobs and stages
Privileged containers enable host breakouts (all capabilities, all host devices under /dev, no seccomp or AppArmor confinement)
Mitigate using gVisor, Kata Containers or Sysbox (Sysbox runs docker:dind without --privileged)
Rootless and/or daemonless builds using…
A trade-off between security and usability
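Added example, not from the original slides: the same build written two ways. The first job keeps docker:dind but leaves TLS on instead of disabling it with DOCKER_TLS_CERTDIR: "", so the CLI-to-daemon channel is not plaintext; it still needs privileged = true on the runner, and the runner's config.toml must also mount a shared volume (volumes = ["/certs/client"]) so the job can read the client certificates the dind service generates. The second job builds without any Docker daemon using kaniko, which is one possible daemonless builder and my choice here; it needs no privileged runner. Image tags, the Dockerfile location and the use of GitLab's predefined CI_REGISTRY* variables are assumptions.

```yaml
# Added example (not from the original slides). Job 1: containerized daemon with
# TLS kept on. Still requires privileged = true in the runner's config.toml and
# a shared volume for /certs/client.
build-with-dind:
  image: docker:27                   # assumed tag; any image with the docker CLI works
  services:
    - name: docker:27-dind           # service alias is "docker" (tag stripped)
  variables:
    DOCKER_TLS_CERTDIR: "/certs"     # non-empty: dind generates CA, server and client certs here
    DOCKER_HOST: tcp://docker:2376   # TLS port; 2375 is the plaintext port used when TLS is disabled
    DOCKER_TLS_VERIFY: "1"           # client refuses to talk to a daemon it cannot verify
    DOCKER_CERT_PATH: "/certs/client"
  script:
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" .

# Job 2: daemonless. kaniko executes the Dockerfile inside an unprivileged
# container and pushes straight to the registry, so no dind service and no
# privileged runner are needed. Registry credentials come from GitLab's
# predefined CI_REGISTRY* variables (assumed to be available).
build-with-kaniko:
  image:
    name: gcr.io/kaniko-project/executor:debug   # debug tag ships a shell for the script block
    entrypoint: [""]                              # override the executor entrypoint so the script runs
  script:
    - mkdir -p /kaniko/.docker
    - >-
      echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}"
      > /kaniko/.docker/config.json
    - /kaniko/executor
      --context "$CI_PROJECT_DIR"
      --dockerfile "$CI_PROJECT_DIR/Dockerfile"
      --destination "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
```

Both jobs push the same tag, so they can be compared on the same project. The trade-off from the slide shows up directly: the dind job runs any Docker feature (BuildKit, multi-stage caches, docker run in tests) at the cost of a privileged runner, while the kaniko job removes the privileged requirement but only builds and pushes images.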